I was the victim of a hacking which I only found out about yesterday. No amount of 2 step verification could have helped here to my knowledge, and I am a believer in 2 step verification. Nothing I could have done differently could have made a difference. The scary thing is how long it could have gone on for.

Listen, to say that I don’t understand how Blackhat hackers work is an understatement. They are more coders than marketers, that’s for sure. It’s a fascinating world, but it hasn’t been mine. I know what they do, and what their goals are, but I never really understood how they did it. And honestly, I still don’t entirely. But I got a taste of the tactic.

And while it’s super annoying that it happened, like my friend Menachem said, the bright side is, apparently my site is considered popular enough that it was worth their time.

@AaronFriedman the bright side is your blog must be popular or else why would the hackers bother.

But I am happy to say that I have kept true to the mission of this blog, which from day one was about learning. I have taught myself HTML from this blog, learned CSS, dabbled in photoshop and experimented with SEO theories. Because of the hack, I was able to get exposed to a whole new world of Spam that I never really understood.

Here is What I Learned From Being Hacked

Well for starters, I learned the “hard” way what Levitra is (see what I did there).

On Monday December 29th 2014, my colleague came up to me and said “dude, I think your site was hacked”. When I checked, all was good in the world wide web for me. But when I looked on his computer, sure enough, in the header, right under my logo, there was an ad for erectile dysfunction medication. When I went back to my computer, I checked on incognito mode, and sure enough, there it was. Those sneaky bastards made sure that when I was logged in I wouldn’t see it. I had no idea how long it had been like that for, but I was obviously very concerned.

I called up my hosting company and they ran Sitelock for me to identify all the infected files.

By the time I got home, helped my wife with the baby, and settled in, it was already 9:30PM. I called the hosting company again and they basically told me unless I had a clean backup, there was really nothing they could help me with and I needed to hire someone (a developer) to clean it up for me.

At this point, I am literally freaking out. I use WordPress Backup To Dropbox, which is great, but I realized, this is creating a backup every day. So this backup is likely infected too.

Not sure what to do, and emotionally exhausted from this whole debacle, I posted to Facebook that I was hacked, looking for a developer, and then I went to sleep.

But I sat in bed awake, thinking. And thinking.

My mind was racing.

And then I had an idea!

I jumped out of bed, and ran to fire up my computer to do some investigative work.

First, I had a look at the wayback machine to try and identify when this actually happened.

The earliest known date I saw was around the 15th (but there is a time difference because of where I live so I assume the 15th / 16th). This means, any backups I have are probably infected since it was a couple weeks.

I took the output I got from the sitelock crawl and followed the thread of each file to see what the deal was.

My plan was to go into each file, look, probably have no idea what I was doing, delete some random crap, break the file, restore it, and then submit that I had no idea what I was doing and needed professional help.

Turns out, something looked off when I went there. There were 2 files. And in many cases, when all of them were for example images, the copy was some random .PHP file. There was a pattern.

If you look at my “last modified” date on the site, it stands out but as an old date. Easy to overlook. However, look above at the backup (which is on the left). It says 12/16/2014. Which pretty much correlates with the date I found in the Wayback Machine. This was the trend. Over and over and over, each one of the files had this date.

I Identified the date of the hack.

So I spent the next hour going file by file, identifying all of these “new” ones, checking them against the backup to make sure it truly was the infected file and make sure they truly were infected.

By the way, if you were curious, this is what the file looked like. Spammy as anything!!!

Once I cleared those out, I had to make one last change to the functions.php file. This strangely was the only file that was edited which had a lot of garble at the beginning. Rather than actually cleaning out the file myself (since I had no idea what kind of mess was actually in there other than the header), I figured the best thing to do would be to just go back into the original download file of the theme, pull that one file, and exchange it.

Once I did that, all was back to normal and working again.
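
The file hunt described above (stray .php files sitting among images, a cluster of modification dates, a changed functions.php) can be automated by comparing the live site against a known-clean copy. This is an added example, not something from the original post; the directory layout, the theme name mytheme and the sample files are constructed for illustration.

```python
import hashlib, os, tempfile
from datetime import datetime, timedelta
from pathlib import Path

def digest(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def triage(site_root, clean_root, suspect_day, window_days=1):
    """Return {relative_path: [reasons]} for files worth a manual look."""
    site_root, clean_root = Path(site_root), Path(clean_root)
    lo = suspect_day - timedelta(days=window_days)
    hi = suspect_day + timedelta(days=window_days + 1)
    findings = {}
    for path in sorted(p for p in site_root.rglob("*") if p.is_file()):
        rel = path.relative_to(site_root)
        clean, reasons = clean_root / rel, []
        if not clean.is_file():
            reasons.append("not in clean copy")
        elif digest(path) != digest(clean):
            reasons.append("differs from clean copy")
        # mtime is only a hint: whoever wrote the file can set it to any value
        if lo <= datetime.fromtimestamp(path.stat().st_mtime) < hi:
            reasons.append("modified near suspect date")
        if path.suffix.lower() == ".php" and "uploads" in rel.parts:
            reasons.append("PHP file in uploads directory")
        if reasons:
            findings[rel.as_posix()] = reasons
    return findings

def write(root, rel, data, mtime=None):
    path = Path(root) / rel
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_bytes(data)
    if mtime:
        os.utime(path, (mtime.timestamp(), mtime.timestamp()))

def demo():
    """Build a small constructed site and clean copy, then triage them."""
    with tempfile.TemporaryDirectory() as tmp:
        site, clean = Path(tmp, "site"), Path(tmp, "clean")
        theme = "wp-content/themes/mytheme/functions.php"  # hypothetical theme
        for root in (site, clean):
            write(root, "wp-content/uploads/2014/12/photo.jpg", b"\xff\xd8 image")
        write(clean, theme, b"<?php // theme code\n")
        write(site, theme, b"<?php /* injected */ ?><?php // theme code\n", datetime(2013, 5, 1))
        write(site, "wp-content/uploads/2014/12/photo.php", b"<?php /* spam */", datetime(2014, 12, 16, 12))
        return triage(site, clean, datetime(2014, 12, 16))

if __name__ == "__main__":
    for rel, reasons in demo().items():
        print(rel, "->", "; ".join(reasons))
```

The hash comparison is what catches the edited functions.php even though its modification date looks old; the date window only helps rank what to open first.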

I got back into bed by about 1:30AM.

How Did this Hack Happen?

I still don’t entirely know how the site was accessed. Just to be safe, I downloaded all sort of security plugins to experiment with.

Currently, I am using:

Sucuri Security: I don’t entirely know the full extent of what it will do, so I am trying it. While using this, it did show me that someone (or something) was trying to aggressively access my site. A brute force attack. I woke up to 20 emails warning me that this was happening. So I downloaded BruteProtect.

BruteProtect: This generated some API key for me. I don’t know what it does yet. It is just sitting there.

Rublon: 2 step authentication. It is REALLY annoying when I want to log in, but will ensure no one can enter my site.

Unfortunately, I don’t necessarily think this will entirely solve the problem, and I admit, I don’t completely know what else I can do to patch any vulnerabilities.

I have been running this blog for nearly 7 years and there is never a dull moment. Always something to learn, and that’s why I do it. As annoying as it is, I am glad I can use this as a learning experience.

I still have some outstanding questions like, how the hell did this happen? What plugin had a vulnerability? What is the best way to backup your site so in the event this happens again, I know where to go? Anyone who can answer those, it would be much appreciated.

Anyone who reads this blog may have figured out by now that I am an Orthodox Jew. Not long ago, my wife received a book in the mail titled “they thought for themselves” by Sid Roth. The premise of the book was, 10 inspirational Jewish stories from 10 Inspirational Jews. The book sounded great from the title of the book and the description on the back cover, so naturally I started reading. It started out like any classic inspirational story: Guy is jaded by religion, something tragic happens in his life, somehow he is saved, finds religion, and everyone lives happily ever after. Except this one took an odd turn from what I was expecting. I will remind you, this was supposed to be a “Jewish” story book. But when the man started watching christian television and was saved from his paralysis from jesus, I was needless to say a bit confused. I flipped to the end of the other stories to make sure I was reading this correctly. Turns out they all end the same way with jesus saving someone from near catastrophe.

This post is not meant to spark some kind of religious debate, and this blog has nothing to do with mine or your beliefs (just in case someone wanted to start getting into a religious debate or call me out on something, fair warning, I will delete your comment). The point of this post is to educate about Black Hat SEO tactics and I guess call out Sid Roth and the unethical Black Hat SEO tactics which he is using to get exposure for his “spam” book.

As a brief definition of what black hat SEO is, it is the practice of tricking the search engines into thinking your page is more relevant than it really is. Many of these tactics include hidden text, keyword spamming, putting up a Flash site with keywords behind the content (cloaking), and the list goes on. In the mainstream SEO world this practice is seriously frowned upon and in fact, everyone should be somewhat scared of it because the engines are getting smarter and more often than not, these tactics will get your website penalized or banned (see Dave’s Post about JC Penny).

And the obvious comparison here is:

Book has a title that is deceptive and has nothing to do with the content. Black Hat SEOs use deceptive tactics to get you to their site called cloaking.

Book has a description on the back of the book that is aimed to target a specific audience, however, once you go there, the content has nothing to do with what you read. Black Hat SEOs use a tactic called doorway pages where they create a page solely to target a specific audience in hopes that they will click through to the home page. When the user clicks, they are often redirected to a page that has nothing to do with what they were looking for.

Book was promoted as a very “Jewish” sounding book, to make it more relevant sounding to the reader. Black Hat SEOs often use keyword stuffing, a method of making a page sound more relevant to a search engine than it is in reality.

I guess the fact that I am writing this demonstrates my ethical aversion to black hat SEO tactics and apparently, I am not the only one who felt taken advantage of while reading that book. See what I mean!

Most of the negative reviews I read began “I received this book in the mail” or this book was “sent free in the mail” or “this book arrived unsolicited” or even “I was surprised to see this book in the mail”. If I had to guess, that’s typically a theme around black hat SEO.

(And to be perfectly clear, this post has absolutely nothing to do with any religious beliefs, it was simply a convenient way to demonstrate real life black hat SEO behavior)

My Name Is Aaron Friedman
